fix: workload identity client id and tenant id

jformacek · jformacek · commit 64a45ac7ead3 · 2025-02-14T16:43:32.000+01:00
diff --git a/Tasks/Manage-AutomationAccount/Manage-AutomationAccount.ps1 b/Tasks/Manage-AutomationAccount/Manage-AutomationAccount.ps1
@@ -16,7 +16,7 @@ $verboseLog = Get-VstsInput -Name 'verbose' -AsBool
 $helperHybridWorkerModuleManagement = Get-VstsInput -Name 'helperHybridWorkerModuleManagement' -AsBool
 
 if ($verboseLog) {
-    Write-host "Verose log will be enabled"
+    Write-host "Verbose log will be enabled"
     $VerbosePreference = 'Continue'
 }
 Write-Host "Full sync set to $fullSync"
@@ -57,9 +57,8 @@ Write-Host "Import succeeded!"
 Write-Host "Starting process..."
 # retrieve service connection object
 $serviceConnection = Get-VstsEndpoint -Name $azureSubscription -Require
-$serviceConnectionSerialized = ConvertTo-Json $serviceConnection
 
-# define type od service connection
+# we support service principal with client secret or certificate, MSI, and workload identity federation
 switch ($serviceConnection.auth.scheme) {
     'ServicePrincipal' { 
         # get service connection object properties
@@ -113,10 +112,7 @@ switch ($serviceConnection.auth.scheme) {
 
         Write-Verbose "Getting access token for service connection"
         $vstsEndpoint = Get-VstsEndpoint -Name SystemVssConnection -Require
-        Write-Verbose "VSTS endpoint: `n$($vstsEndpoint | ConvertTo-Json -Depth 99 | Out-String)"
         $vstsAccessToken = $vstsEndpoint.auth.parameters.AccessToken
-        $servicePrincipalId = $vstsEndpoint.auth.parameters.serviceprincipalid
-        $tenantId = $vstsEndpoint.auth.parameters.tenantid
         
         $url = "$uri/$projectId/_apis/distributedtask/hubs/$hub/plans/$planId/jobs/$jobId/oidctoken?serviceConnectionId=$serviceConnectionId`&api-version=7.2-preview.1"
 
@@ -127,11 +123,11 @@ switch ($serviceConnection.auth.scheme) {
         Write-Verbose "Getting OIDC token from VSTS on uri: $url"
         $response = Invoke-RestMethod -Uri $url -Method Post -Headers @{ "Authorization" = ("Basic {0}" -f $base64AuthInfo) } -ContentType "application/json"
         
-        Write-Verbose ($response | ConvertTo-Json -Depth 99 | Out-String )
-        $oidcToken = $response.oidcToken
-        $assertion = $oidcToken
+        $assertion = $response.oidcToken
         
-        Write-verbose "Initializing AAD factory with assertion $assertion for tenant $tenantId"
+        $servicePrincipalId = $serviceConnection.auth.parameters.serviceprincipalid
+        $tenantId = $serviceConnection.auth.parameters.tenantid
+        Write-verbose "Initializing AAD factory with clientId $servicePrincipalId for tenant $tenantId"
         Initialize-AadAuthenticationFactory `
             -servicePrincipalId $servicePrincipalId `
             -assertion $assertion `
diff --git a/vss-extension.json b/vss-extension.json
@@ -2,7 +2,7 @@
     "manifestVersion": 1,
     "id": "Manage-AutomationAccount",
     "name": "Manage-AutomationAccount",
-    "version": "1.9.127",
+    "version": "1.9.128",
     "publisher": "GreyCorbelSolutions",
     "targets": [
         {

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`"manifestVersion": 1,`
`3`	`3`	`"id": "Manage-AutomationAccount",`
`4`	`4`	`"name": "Manage-AutomationAccount",`
`5`		`- "version": "1.9.127",`
	`5`	`+ "version": "1.9.128",`
`6`	`6`	`"publisher": "GreyCorbelSolutions",`
`7`	`7`	`"targets": [`
`8`	`8`	`{`